[dns-operations] Looping wildcard CNAMEs can be an obstacle for DANE, (googledomains.com-hosted example)

Tony Finch dot at dotat.at
Tue Apr 17 12:55:30 UTC 2018

Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> The Postfix DNS layer does not look for direct (a -> a) loops and
> recurses when the answer is a CNAME (in case the resolver did not
> recurse all the way to the answer).

That should be unnecessary - part of the point of a recursive server is it
does the work for you :-) So if the server returns a loopy CNAME to a
stub, it should look the same (and be treated the same) as a NOERROR /
NODATA response - a CNAME chain that doesn't end with a record of the
desired type.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
defend the right to speak, write, worship, associate, and vote freely

More information about the dns-operations mailing list